Community Member

Create custom SAML authorization page with link to login/canvas

Hi there,

We use SAML authentication (Google) for the majority of our users, students on Chromebooks. Because this method is in position 1, when students log in to their device, their Dashboard automatically loads from ...login/saml without additional clicks. This is meaningful especially because we have younger students on devices.

Parents use Observer accounts with passwords by logging in to .../login/canvas; however, they run into the problem that their Canvas notifications contain hyperlinks that route them to the SAML authentication, confusing most Observer users.

Initially I set up a Discovery URL to address the authentication issue; however, this means that every student logging on to their Chromebook now has to select that they are a student upon logging in. This creates an extra step for students, again thinking of those younger ones.

A suggestion was to customize the SAML authentication page with HTML & Javascript to include a button like "If you are a parent..." that directs to their Canvas authentication. Does anyone have experience customizing a SAML page for a purpose like this? That is unfortunately outside of our expertise.

Thank you in advance!

Labels (1)
6 Replies
Community Champion

If it's a Canvas login page, it should be possible to modify it with Global Themes.

We modify several of the elements on the login page. https://ccsd.instructure.com 

Trouble Logging In - we replace the entire Forgot Password option

Parents Get Accounts Too - we append the note for Employees

It does require JavaScript and HTML. Our's currently uses jQuery, something I need to remedy, maybe this summer.

Thanks, Robert! I appreciate your reply and I hope folks found it helpful. Smiley Happy

Since our position 1 authentication method is SAML, unfortunately the page we would need to modify is the SAML authentication page, as the Canvas login page is the position 2 method that I'd like to route parents to if their credentials are not found from the position 1 method. At least that is my understanding, but feel free to correct me if anyone sees this differently!

Community Contributor

Hi Tim,

As you suspect, that's a function of your SAML provider, and Google doesn't provide much (any) customization.

The workaround would be to create your own login provider that acts as a proxy for Google auth, and put that in position 1. 

That's what I've confirmed as well asking on the IRC. Smiley Sad

Community Champion

Hi Tim --

You may be able to include some Javascript in your Discovery page that would remember (using a cookie) what authentication option the user picked, and on subsequent loads it could just immediately redirect the user there.  

I expect you could either set the cookie automatically, or by user choice ("check this box to remember your selection for 30 days" or something like that). 

We don't currently use a discovery page, so I don't have any actual JS code to share, but maybe someone else here has done something like that. 

Hope this is helpful!


Ah, Colin, that is a great thought! Thank you for that, I am going to investigate further.